Bill Text

To provide for the sharing of certain cyber threat intelligence and
cyber threat information between the intelligence community and
cybersecurity entities, and for other purposes.

Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

This Act may be cited as the ``Cyber Intelligence Sharing and
Protection Act''.

SEC. 2. CYBER THREAT INTELLIGENCE AND INFORMATION SHARING.

(a) In General.--Title XI of the National Security Act of 1947 (50
U.S.C. 442 et seq.) is amended by adding at the end the following new
section:

``cyber threat intelligence and information sharing

``Sec. 1104. (a) Intelligence Community Sharing of Cyber Threat
Intelligence With Private Sector and Utilities.--
``(1) In general.--The Director of National Intelligence
shall establish procedures to allow elements of the
intelligence community to share cyber threat intelligence with
private-sector entities and utilities and to encourage the
sharing of such intelligence.
``(2) Sharing and use of classified intelligence.--The
procedures established under paragraph (1) shall provide that
classified cyber threat intelligence may only be--
``(A) shared by an element of the intelligence
community with--
``(i) a certified entity; or
``(ii) a person with an appropriate
security clearance to receive such cyber threat
intelligence;
``(B) shared consistent with the need to protect
the national security of the United States; and
``(C) used by a certified entity in a manner which
protects such cyber threat intelligence from
unauthorized disclosure.
``(3) Security clearance approvals.--The Director of
National Intelligence shall issue guidelines providing...

District: 1st

Popularity Trend

Organizations Supporting

February 13, 2013
Dear Representatives Rogers and Ruppersberger:
Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security.
This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks.
The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties.
In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity.
We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward.
Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue.
(Letter provided to POPVOX by Congressional office.)

February 13, 2013
Dear Representatives Rogers and Ruppersberger:
Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security.
This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks.
The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties.
In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity.
We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward.
Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue.
(Letter provided to POPVOX by Congressional office.)

February 13, 2013
Dear Representatives Rogers and Ruppersberger:
Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security.
This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks.
The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties.
In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity.
We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward.
Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue.
(Letter provided to POPVOX by Congressional office.)

February 13, 2013
Dear Representatives Rogers and Ruppersberger:
Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security.
This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks.
The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties.
In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity.
We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward.
Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue.
(Letter provided to POPVOX by Congressional office.)

February 13, 2013
Dear Representatives Rogers and Ruppersberger:
Our organizations—representing multiple sectors of the American economy—support the introduction of the Cyber Intelligence Sharing and Protection Act. The bill earned more than 100 bipartisan co-sponsors last year because your colleagues recognized that it would enhance public-private collaboration in countering an array of cyber threats to U.S. national and economic security.
This legislation is necessary to create a powerful sea change in the current information-sharing practices between government and the business community that reflects the conditions of an increasingly digital world. Our organizations have consistently supported legislation that would put timely, reliable, and actionable information into the hands of business owners and operators so that they can better protect their systems and assets against nefarious actors, including rogue individuals, organized criminals, and groups carrying out state-sponsored attacks.
The bill supports existing information-sharing and analysis organizations and incorporates lessons learned from pilot programs and exercises undertaken by critical infrastructure sectors. These initiatives offer complementary, demonstrated models for enabling the government to share cyber threat intelligence with the private sector—thereby affording security professionals the opportunity to implement measures intended to reduce a business’ cyber risk profile—while protecting privacy and civil liberties.
In addition, the bill provides the needed legal certainty that threat and vulnerability information voluntarily shared with the government would be provided safe harbor against the risk of frivolous lawsuits, would be exempt from public disclosure, and could not be used by officials to regulate other activities. The legislation also includes an exemption from antitrust laws, which limit exchanges of information between private entities, in order to help prevent, investigate, and mitigate threats to cybersecurity.
We welcome the introduction of the Cyber Intelligence Sharing and Protection Act and urge your colleagues to co-sponsor it. We appreciate that you wrote the bill in a bipartisan and open manner and have worked diligently to seek common ground with privacy and civil liberties organizations on issues such as the definition of cyber threat information and how the government can use the information that it receives from companies and utilities. You added several amendments to better protect individuals’ privacy prior to House passage last year. Our organizations encourage you to continue the dialogue with these communities as the bill moves forward.
Passing the Cyber Intelligence Sharing and Protection Act is a specific action that Congress can take to bolster America’s cybersecurity while protecting personal privacy. We look forward to working with you and your staff on this important issue.
(Letter provided to POPVOX by Congressional office.)

Organizations Opposing

Regulation of Internet and providing personal information to the federal Government without any oversight as to Civil Liberties or regarding Private information being shared without permission violates HIIPA

April 16, 2013 - STATEMENT OF ADMINISTRATION POLICY
Both government and private companies need cyber threat information to allow them to identify, prevent, and respond to malicious activity that can disrupt networks and could potentially damage critical infrastructure. The Administration believes that carefully updating laws to facilitate cybersecurity information sharing is one of several legislative changes essential to protect individuals' privacy and improve the Nation's cybersecurity. While there is bipartisan consensus on the need for such legislation, it should adhere to the following priorities: (1) carefully safeguard privacy and civil liberties; (2) preserve the long-standing, respective roles and missions of civilian and intelligence agencies; and (3) provide for appropriate sharing with with targeted liability protections.
The Administration recognizes and appreciates that the House Permanent Select Committee on Intelligence (HPSCI) adopted several amendments to H.R. 624 in an effort to incorporate the Administration's important substantive concerns. However, the Administration still seeks additional improvements and if the bill, as currently crafted, were presented to the President, his senior advisors would recommend that he veto the bill. The Administration seeks to build upon the continuing dialogue with the HPSCI and stands ready to work with members of Congress to incorporate our core priorities to produce cybersecurity information sharing legislation that addresses these critical issues.
H.R. 624 appropriately requires the Federal Government to protect privacy when handling cybersecurity information. Importantly, the Committee removed the broad national security exemption, which significantly weakened the restrictions on how this information could be used by the government. The Administration, however, remains concerned that the bill does not require private entities to take reasonable steps to remove irrelevant personal information when sending cybersecurity data to the government or other private sector entities. Citizens have a right to know that corporations will be held accountable – and not granted immunity – for failing to safeguard personal information adequately. The Administration is committed to working with all stakeholders to find a workable solution to this challenge. Moreover, the Administration is confident that such measures can be crafted in a way that is not overly onerous or cost prohibitive on the businesses sending the information. Further, the legislation should also explicitly ensure that cyber crime victims continue to report such crimes directly to Federal law enforcement agencies, and continue to receive the same protections that they do today.
The Administration supports the longstanding tradition to treat the Internet and cyberspace as civilian spheres, while recognizing that the Nation's cybersecurity requires shared responsibility from individual users, private sector network owners and operators, and the appropriate collaboration of civilian, law enforcement, and national security entities in government. H.R. 624 appropriately seeks to make clear that existing public-private relationships – whether voluntary, contractual, or regulatory – should be preserved and uninterrupted by this newly authorized information sharing. However, newly authorized information sharing for cybersecurity purposes from the private sector to the government should enter the government through a civilian agency, the Department of Homeland Security.
Recognizing that the government will continue to receive cybersecurity information through a range of civilian, law enforcement, and national security agencies, legislation must promote appropriate sharing within the government. As stated above, this sharing must be consistent with cybersecurity use restrictions, the cybersecurity responsibilities of the agencies involved, as well as privacy and civil liberties protections and transparent oversight. Such intra-governmental sharing and use should not be subject to undue restrictions by the private sector companies that originally share the information. To be successful in addressing the range of cyber threats the Nation faces, it is vital that intra-governmental sharing be accomplished in as near real-time as possible.
The Administration agrees with the need to clarify the application of existing laws to remove legal barriers to the private sector sharing appropriate, well-defined, cybersecurity information. Further, the Administration supports incentivizing industry to share appropriate cybersecurity information by providing the private sector with targeted liability protections. However, the Administration is concerned about the broad scope of liability limitations in H.R. 624. Specifically, even if there is no clear intent to do harm, the law should not immunize a failure to take reasonable measures, such as the sharing of information, to prevent harm when and if the entity knows that such inaction will cause damage or otherwise injure or endanger other entities or individuals.
Information sharing is one piece of a larger set of legislative requirements to provide the private sector, the Federal Government, and law enforcement with the necessary tools to combat the current and emerging cyber threats facing the Nation. In addition to updating information sharing statutes, the Congress should incorporate privacy and civil liberties safeguards into all aspects of cybersecurity and enact legislation that: (1) strengthens the Nation's critical infrastructure's cybersecurity by promoting the establishment and adoption of standards for critical infrastructure; (2) updates laws guiding Federal agency network security; (3) gives law enforcement the tools to fight crime in the digital age; and (4) creates a National Data Breach Reporting requirement.

Every new law for our "safety" only leads to more laws down the road. Americans are not more safe when government watches over them. They become more vulnerable.
Government's power should be limited to basic Constitutional functions without infringing on the God given rights our founders articulated so well.
The loss of liberty does not generate safety. It provides a platform for future governments to abuse and expand until Liberty is only a memory.

March 11, 2013
Dear Representative:
We the undersigned organizations write in opposition to H.R. 624, the Cyber Intelligence Sharing and Protection Act of 2013 (CISPA). We are gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity.
CISPA creates an exception to all privacy laws to permit companies to share our information with each other and with the government in the name of cybersecurity. Although a carefully-crafted information sharing program that strictly limits the information to be shared and includes robust privacy safeguards could be an effective approach to cybersecurity, CISPA lacks such protections for individual rights. CISPA’s information sharing regime allows the transfer of vast amounts of data, including sensitive information like internet records or the content of emails, to any agency in the government including military and intelligence agencies like the National Security Agency or the Department of Defense Cyber Command. Once in government hands, this information can be used for undefined ‘national security’ purposes unrelated to cybersecurity.
Developments over the last year make CISPA’s approach even more questionable than before. First, the President recently signed Executive Order 13636, which will increase information sharing from the government to the private sector. Information sharing in this direction is often cited as a substantial justification for CISPA and will proceed without legislation. Second, the cybersecurity legislation the Senate considered last year, S. 3414, included privacy protections for information sharing that are entirely absent from CISPA, and the Obama administration, including the intelligence community, has confirmed that those protections would not inhibit cybersecurity programs. These included provisions to ensure that private companies send cyber threat information only to civilian agencies, and stricter limits on how this information may be used. Finally, witnesses at a hearing before the House Permanent Select Committee on Intelligence confirmed only weeks ago that companies can strip out personally identifiably information that is not necessary to address cyber threats, and CISPA omits any requirement that reasonable efforts be undertaken to do so.
We continue to oppose CISPA and encourage you to vote ‘no.’ Fundamental changes to this bill are required to address the many civil liberties problems.
(Letter provided to POPVOX by Congressional office.)

Users Supporting

I support CISPA (Cyber Intelligence Sharing and Protection Act) because as a web host I constantly face and must guard against hackers attempting to access my servers. I need government to spend some money developing open source means to protect the internet.

I support H.R. 624: Cyber Intelligence Sharing and Protection Act because...
Though I shudder at the saying "since privacy is dead we should give the body away too", I know we are under attack daily. Please make sure we don't give away anymore of our precious privacy with this bill. Not all who hold the reins of power will be honorable.
Thank you for your service

I support H.R. 624: Cyber Intelligence Sharing and Protection Act because I believe that the NSA and other agencies need broad access to information leading to threats to national security. They need access to information.
Realistically, agregate data collected by federal agencies is not a realistic threat to my personal privacy. The motives against this bill are ridiculus things, like "I don't want the government to know about my porn access." When you trade the government knowing what web sites I use, compared to my home being safe from threats, I would choose safety every time.

Users Opposing

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because we have fought this bill, and every iteration that came before it (SOPA, PIPA, CISPA) that threatens freedom on the internet.
Please stop trying. We won't give up.

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because it's just another law designed as a whole to control the way people use the internet. And for the NSA to spy on it's own people, I presume.

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because...Just another bill to let the NSA and Dept of Homeland 'security' run wild and rampant over even more of Americans freedoms. Government once again insinuating itself into an area that they have no Constitutional power to do. And in the end, if this is passed - Congress will tax us to do it.

I oppose CISPA (Cyber Intelligence Sharing and Protection Act) because... I, like the EFF, am gravely concerned that this bill will allow companies that hold very sensitive and personal information to liberally share it with the government, which could then use the information without meaningful oversight for purposes unrelated to cybersecurity.

Bill Summary

4/18/2013--Passed House amended. Cyber Intelligence Sharing and Protection Act - (Sec. 2) Directs the federal government to conduct cybersecurity activities to provide shared situational awareness enabling integrated operational actions to protect, prevent, mitigate, respond to, and recover from cyber incidents. Defines "shared situational awareness" as an environment where cyber threat information is shared in real time between all designated federal cyber operations centers to provide actionable information about all known cyber threats. Directs the President, with respect to information shared by a cybersecurity provider (a non-federal entity that provides goods or services intended to be used for cybersecurity purposes) or self-protected entity (an entity that provides goods or services for cybersecurity purposes to itself), to designate: (1) an entity within the Department of Homeland Security (DHS) as the civilian federal entity to receive cyber threat information under prescribed procedures and subject to specified exceptions, and (2) an entity within the Department of Justice (DOJ) as the civilian federal entity to receive information related to cybersecurity crimes. Requires federal agencies receiving shared cyber threat information to establish procedures to: (1) ensure that specified information is also shared in real time with appropriate federal agencies with a national security mission; (2) ensure real-time information distribution to other federal agencies; and (3) facilitate information sharing, interaction, and collaboration among and between federal, state, local, tribal, and territorial governments, cybersecurity providers, and self-protected entities. Directs the DHS, Attorney General, Director of National Intelligence (DNI), and Department of Defense (DOD) to jointly establish and periodically review policies and procedures governing the receipt, retention, use, and disclosure of non-publicly available cyber threat information shared with the federal government. Requires such procedures, consistent with the need to protect against and mitigate cyber threats in a timely manner, to: (1) minimize the impact on privacy and civil liberties; (2) reasonably limit the receipt, retention, use, and disclosure of cyber threat information associated with specific persons that is unnecessary to protect against or mitigate cyber threats in a timely manner; (3) include requirements to safeguard non-publicly available cyber threat information that may be used to identify specific persons from unauthorized access or acquisition; (4) protect the confidentiality of cyber threat information associated with specific persons; and (5) not delay or impede the flow of cyber threat information necessary to defend against or mitigate a cyber threat. Instructs: (1) the DHS, Attorney General, DNI, and DOD to submit such procedures to Congress and establish a program to monitor and oversee the compliance of federal agencies; and (2) federal agencies to implement such procedures and notify such officials and Congress of any significant violations. Prohibits such procedures from being construed to prohibit any federal agency from engaging in technical discussions regarding cyber threat information with a cybersecurity provider or self-protected entity or from providing technical assistance to address vulnerabilities or mitigate threats at their request. Requires any such activity to be coordinated with DHS and other agencies. Directs the President's designated DHS entity to share with all appropriate federal agencies all significant information resulting from: (1) technical discussions with a cybersecurity provider or self-protected entity about cyber threat information, or (2) any technical assistance it provides to such cybersecurity provider or such self-protected entity to address vulnerabilities or mitigate threats. Directs the DHS Inspector General to submit annually to Congress a review of the use of such information shared with the federal government, as well as recommendations for improvements and modifications to address privacy and civil liberties concerns. Requires the DHS Officer for Civil Rights and Civil Liberties to submit to Congress an annual report assessing the privacy and civil liberties impact of the federal government's cyber threat information sharing activities. (Sec. 3) Amends the National Security Act of 1947 to add provisions concerning cyber threat intelligence and information sharing. Defines "cyber threat intelligence" as intelligence in the possession of an element of the intelligence community directly pertaining to: (1) a vulnerability of a system or network of a government or private entity or utility; (2) a threat to the integrity, confidentiality, or availability of such a system or network or any information stored on, processed on, or transiting such a system or network; (3) efforts to deny access to or degrade, disrupt, or destroy such a system or network; or (4) efforts to gain unauthorized access to such a system or network, including for the purpose of exfiltrating information. Excludes intelligence pertaining to efforts to gain unauthorized access to such a system or network that solely involve violations of consumer terms of service or consumer licensing agreements and do not otherwise constitute unauthorized access. Requires the DNI to: (1) establish procedures to allow intelligence community elements to share cyber threat intelligence with private-sector entities and utilities, and (2) encourage the sharing of such intelligence. Requires the procedures established to ensure that such intelligence is only: (1) shared with certified entities or a person with an appropriate security clearance; (2) shared consistent with the need to protect U.S. national security; (3) used in a manner that protects such intelligence from unauthorized disclosure; and (4) used, retained, or further disclosed by a certified entity for cybersecurity purposes. Provides guidelines for the granting of security clearance approvals to certified entities or officers, employees, or independent contractors of such entities. Prohibits a certified entity receiving such intelligence from further disclosing the information to any entity other than another certified entity or a federal agency authorized to receive such intelligence. Authorizes a cybersecurity provider, with the express consent of a protected entity (an entity that contracts with a cybersecurity provider), to: (1) use cybersecurity systems to identify and obtain cyber threat information in order to protect the rights and property of the protected entity; and (2) share cyber threat information with any other entity designated by the protected entity, including, if specifically designated, the DHS and DOJ entities designated by the President. Provides cybersecurity system use and threat information sharing authority to self-protected entities. Sets forth requirements with respect to the use and protection of shared information, including anonymization or minimization of such information and prohibiting the use of such information to gain a competitive advantage and, if shared with the federal government, exempts such information from public disclosure and prohibits the use of such information for regulatory purposes. Specifies that a non-federal recipient may only use such information for a cybersecurity purpose. Prohibits a civil or criminal cause of action against a protected entity, a self-protected entity, or a cybersecurity provider acting in good faith under the above circumstances. Prohibits such shared information requirements from being construed to provide new authority to: (1) a cybersecurity provider to use a cybersecurity system to identify or obtain cyber threat information from a system or network other than a system or network owned or operated by a protected entity for which such cybersecurity provider is providing goods or services for cybersecurity purposes, or (2) a self-protected entity to use a cybersecurity system to identify or obtain cyber threat information from a system or network other than a system or network owned or operated by such self-protected entity. Allows the federal government to use shared cyber threat information for: (1) cybersecurity purposes to ensure the integrity, confidentiality, availability, or safeguarding of a system or network; (2) the investigation of cybersecurity crimes; or (3) the protection of individuals from the danger of death or serious bodily harm and the prosecution of crimes involving such dangers (including the protection of minors from child pornography, sexual exploitation, kidnapping, and trafficking). Prohibits the federal government from affirmatively searching such information for any other purpose. Prohibits the federal government from using certain personally identifiable information shared from sensitive personal documents such as library records, firearms sales records, educational records, tax returns, and medical records. Requires a federal agency receiving information that is not cyber threat information to so notify the entity or provider of such information. Prohibits federal agencies from retaining shared information for any unauthorized use. Outlines federal government liability for violations of restrictions on the disclosure, use, and protection of voluntarily shared information. Preempts any state statute that restricts or otherwise regulates specified activity authorized by this Act. States that nothing in this section shall be construed to: (1) provide additional authority to, or modify existing authority of, any element of the intelligence community to control or direct the cybersecurity efforts of a private-sector entity or a component of the federal government or a state, local, or tribal government; (2) limit or affect existing information sharing relationships of the federal government; (3) preclude the federal government from requiring an entity to report significant cyber incidents under another provision of law; or (4) provide additional authority to, or modify existing authority of, any entity to use a cybersecurity system owned or controlled by the federal government on a private-sector system or network to protect the latter system or network. Prohibits this section from being construed to authorize the DOD, National Security Agency (NSA), or any other intelligence community element to target a U.S. person for surveillance. (Sec. 4) Repeals amendments made by this Act five years after enactment of this Act. (Sec. 5) Expresses the sense of Congress that international cooperation with regard to cybersecurity should be encouraged wherever possible. (Sec. 6) Prohibits this Act from being construed to provide new or alter any existing authority for an entity to sell personal information of a consumer to another entity for marketing purposes. (Sec. 7) Prohibits this Act from being construed to authorize a federal agency to require a federally contracted cybersecurity provider to provide information about cybersecurity incidents that do not pose a threat to the federal government's information.